The Auditors Report

ASB Update as of April 30, 1999

Ray Whittington, DePaul University
Academic Member of the Auditing Standards Board

In Kurt Pany’s last update, he summarized pronouncements approved for issuance during 1998 and highlighted a number of projects in progress. In this update, I will focus on a few additional projects that are in process. Please contact me if you have any questions, comments or suggestions.

Omnibus SAS Exposed
In April the Board issued an exposure draft of an omnibus SAS, “Audit Adjustments, Reporting on Consistency, and Service Organizations.” The proposed SAS addresses the three audit areas included in its title as described below.

Audit Adjustments. The first part of the proposed SAS addresses a concern raised by the Securities and Exchange Commission about the quality of financial reporting. The amendments establish audit requirements intended to encourage audit clients to record financial statement adjustments proposed by auditors but not considered to be material. To achieve this objective, the proposed statement:

  • Adds an item to the matters generally addressed in the understanding with the client (the engagement letter). The new item states that management is responsible for adjusting the financial statements to correct material misstatements and for affirming to the auditor in the representation letter that the effects of any uncorrected misstatements brought to its attention by the auditor are not material, both individually and in the aggregate.
  • Requires the auditor to obtain, in the management representation letter, management’s acknowledgment that it has considered the financial statement misstatements brought to its attention by the auditor and has concluded that any uncorrected misstatements are not material, both individually and in the aggregate. It also requires that a summary of the uncorrected misstatements be included in the representation letter or in an attachment thereto.
  • Requires the auditor to inform the audit committee about the uncorrected misstatements brought to management’s attention by the auditor.

Reporting on Consistency. The amendments in this section clarify which changes in a reporting entity warrant a consistency explanatory paragraph in the auditor’s report. They amend AU section 420 to:

  • Conform the list in AU Section 420.07 of changes that constitute a change in reporting entity to the guidance in APB No. 20, Accounting Changes.
  • Clarify that the auditor need not add a consistency explanatory paragraph to the auditor’s report when a change in the reporting entity results from a transaction or event, such as the purchase or disposition of a subsidiary.
  • Eliminate the requirement to add a consistency explanatory paragraph to the auditor’s report when a pooling of interests is not accounted for retroactively in comparative financial statements. However, such presentation would result in the need to express a qualified or adverse opinion for the lack of compliance with generally accepted accounting principles.
  • Eliminate the requirement to qualify the auditor’s report and consider adding a consistency explanatory paragraph to the report if single-year financial statements that report a pooling of interests do not disclose combined information for the prior year.

Service Organizations. The amendments in the third part of the proposed SAS are intended to help auditors determine what additional information they might need when auditing the financial statements of an entity that uses a service organization to process transactions. The proposed SAS amends SAS No. 70, Reports on the Processing of Transactions by Service Organizations.

Continuous Auditing
Continuous Auditing, a joint study of the Canadian Institute of Chartered Accountants (CICA) and the ASB, explores the concept, issues and viability of providing continuous assurance services. The study describes how planning, performing and reporting on a hypothetical continuous audit engagement might be structured within the context of existing U.S. and Canadian assurance standards. It focuses on characteristics that distinguish continuous audits from other kinds of audits.

The report identifies several areas for future research, including:

  • What is the subject matter (types of information, systems and processes, or behavior) on which users are most likely to want continuous assurance?
  • How does the auditor obtain sufficient evidence to support an opinion when it may not be practicable to readily access external sources or to wait for subsequent events to occur?
  • How does the nature of the subject matter and the need to report continuously affect the way auditors determine materiality and audit risk?
  • Can automated audit tools and techniques be used to obtain sufficient evidence for “soft” information, for example, estimates?
  • Are other continuous assurance services, such as reviews or agreed-upon procedures, feasible?

Continuous Auditing is available and can be obtained by calling the AICPA Order Department ([888] 777-7077) and requesting product number 022510.

Systrust
To respond to the needs of management and business partners for assurance on the reliability of information systems, the AICPA and the Canadian Institute of Chartered Accountants (CICA) are working on developing a new attestation service called SysTrust. In a SysTrust engagement, a CPA performs procedures to determine whether the controls over a system are operating with sufficient effectiveness to enable the system to function reliably. The CPA uses the following four criteria to evaluate system reliability:

  • Availability refers to whether the system operates and provides information in accordance with the specified requirements of that system, and whether the system is accessible for routine processing and maintenance.
  • Security refers to whether the system is protected against unauthorized physical and electronic access. Restricting access to a system prevents potential abuses of system components, theft of system resources, misuse of system software and improper access to private and confidential information. Security also refers to restrictions on the type of information that can be stored and the use of the information captured by the system.
  • Integrity refers to whether the system processes the information it receives completely, accurately, promptly and in accordance with the required authorizations.
  • Maintainability refers to the entity’s ability to make changes to the system in a manner that supports current and future reliability. The system should be able to be updated so that it continues to provide system availability, security and integrity.

This material is still in draft form but should available in several months from the AICPA.

Back to Contents Page